Skip to main content

Cisco DNA Center Discovery

Vulcan discovers your Cisco DNA Center (Catalyst Center) managed infrastructure, providing visibility into sites, network devices, fabric domains, and wireless infrastructure.

Overview

DNA Center discovery connects to the DNAC REST API to enumerate:

  • Sites — Areas, buildings, and floors
  • Network Devices — Routers, switches, wireless controllers
  • Fabric Domains — SD-Access fabric configurations
  • Wireless — Access points and their controllers

Discovered Resources

Node TypeDescription
dnac.controllerDNA Center appliance
dnac.siteGeneric site
dnac.areaGeographic area
dnac.buildingBuilding
dnac.floorFloor within a building
dnac.deviceGeneric network device
dnac.routerRouter
dnac.switchSwitch
dnac.wireless_controllerWireless LAN Controller
dnac.access_pointWireless Access Point
dnac.fabricSD-Access Fabric Domain

Setup

1. Create Read-Only User

In DNA Center:

  1. Go to System → Users & Roles → Add User
  2. Assign the OBSERVER role for read-only access
  3. Save the user credentials
Minimum Permissions

The OBSERVER role provides all necessary read access. Avoid using admin accounts for discovery.

2. Verify API Access

Ensure the DNA Center API is accessible:

https://<dnac-hostname>/dna/

3. Configure in Vulcan

  1. Go to Discovery → DNA Center tab
  2. Enter:
    • Base URL: https://dnac.example.com
    • Username: Your OBSERVER account
    • Password: Account password
  3. Click Run Discovery

Self-Signed Certificates

If your DNA Center uses a self-signed certificate, enable Skip TLS Verification in the configuration.

Discovered Data

Site Hierarchy

DNA Center's site hierarchy is preserved:

DNA Center
└── Global
    ├── North America
    │   ├── Headquarters (Building)
    │   │   ├── Floor 1
    │   │   └── Floor 2
    │   └── Branch Office (Building)
    └── Europe
        └── London Office (Building)

Device Inventory

For each device, Vulcan captures:

  • Hostname and management IP
  • Platform/model information
  • Software version and type
  • Serial number
  • Role (access, distribution, core, border)
  • Reachability status
  • Uptime

SD-Access Fabric

If SD-Access is configured:

  • Fabric domains and their sites
  • Border and control plane nodes
  • Edge nodes and their VNs

Compliance Integration

Discovered devices are evaluated against:

  • CIS Cisco IOS benchmarks
  • DISA STIGs for network devices
  • Custom compliance policies

API Reference

POST /api/v1/tenants/{id}/agentless/scan
{
  "provider": "dnac",
  "dnac": {
    "base_url": "https://dnac.example.com",
    "username": "observer-user",
    "password": "password",
    "insecure": false
  }
}

Supported Versions

  • Cisco DNA Center 2.x and later
  • Cisco Catalyst Center (rebranded DNAC)